New Trojan program squashes adware

A new Trojan horse program that attacks and removes troublesome advertising software, known as "adware," is circulating on the...

A new Trojan horse program that attacks and removes troublesome advertising software, known as adware, is circulating on the internet, according to anti-virus company Symantec.

The program, called Downloader.Lunii, was discovered on 4 October. When run, it attempts to kill off computer processes and delete files used by common adware programs like Powerscan and BargainBuddy.

However, Lunii is not entirely benevolent. Like other Trojan horse programs, it also modifies the configuration of Microsoft Windows machines and attempts to download files from a remote location, Symantec warned.

Trojan horse programs are a part of a growing problem related to surreptitious monitoring and remote access programs on the internet, which are often referred to as "spyware".

The programs can be unwittingly installed by users who open e-mail file attachments, or click on links in e-mail messages or on websites that download and install the programs on the user's computer.

Unlike viruses and worms, Trojan horse programs do not try spread from machine to machine after they are installed. Instead, the programs run quietly in the background of the systems they infect, providing remote attackers with access to compromised machines.

Lunii works by halting Windows processes that adware programs use to communicate and by removing known adware programs from systems it infects.

The Trojan program also modifies a Windows file called the "hosts" file, inserting its own list of bogus websites, which may block access to certain web pages, Symantec said.

Lunii was rated a low threat by Symantec, which has released an anti-virus signature to detect the Trojan.

The proliferation of spyware programs in the last year has been linked to the growth of organised criminal groups that pursue illicit gain through identity theft, extortion and other online scams, often using spyware programs to steal data or hijack compromised machines to use in online denial of service attacks.

The problem has attracted the attention of US lawmakers. The US House of Representatives voted 399-1 to pass a bill dubbed the SPY ACT (Securely Protect Yourself Against Cyber Trespass), which makes it illegal to download programs onto other users' computers without their permission, hijack someone's computer or modify its configuration settings.

Symantec recommended that its customers update their virus definitions to detect Lunii and provided instructions for removing malicious programs once they are installed.

Paul Roberts writes for IDG News Service

Read more on IT strategy